HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New AEHIS/ MDISS Partnership to Focus on Advancing Medical Device Cybersecurity

A new partnership has been announced between CHIME’s Association for Executives in Healthcare Information Security (AEHIS) and the Foundation for Innovation, Translation and Safety Science’s Medical Device Innovation, Safety and Security Consortium (MDISS). The aim of the new collaboration is to help advance medical device cybersecurity and improve patient safety.

The two organizations will work together to help members identify, mitigate, and prevent cybersecurity threats by issuing cybersecurity best practices, educating about the threats to device security, training members, and promoting information sharing.

For the past three years, AEHIS has been helping healthcare organizations improve their information security defences. More than 700 CISOs and other healthcare IT security leaders have benefited from the education and networking opportunities provided by AEHIS. AEHIS helps its members protect patients from cyber threats, including cyberattacks on their medical devices, though its educational efforts, sharing best practices, and many other activities.

MDISS now consists of more than 2,000 hospitals and dozens of medical device manufacturers who are working together to improve medical device cybersecurity. MDISS has helped to make medical device risk assessments cheaper, faster, and more accessible, while bringing together regulatory bodies, patient advocates, insurers, security researchers, medical device manufacturers, and healthcare providers to advance best practices in medical device cybersecurity and risk management.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

It is hoped that the collective voice of AEHIS and MDISS will help to improve information security practices and ensure patients – and health data – are better protected.

“The scale and reach of AEHIS’ education network is a perfect complement to MDISS’ continuous release of envelope-pushing technologies and best practices,” said Dale Nordenberg, executive director of MDISS. “AEHIS will play a key role in accelerating the adoption of next-generation medical device security assessment platforms like MDRAP.”

“Together, AEHIS and MDISS joining forces to advocate and advance better medical device security will benefit AEHIS members and MDISS stakeholders alike,” said Sean Murphy, chair of the AEHIS collaborative relationships committee and vice president and CISO at Premera Blue Cross.

Key Goals of the New Partnership

  • Educating healthcare organizations about medical device cybersecurity strategies
  • Developing and sharing medical device cybersecurity best practices
  • Promoting the adoption of the NIST’s cybersecurity framework
  • Identifying new best practices for securing medical devices and mitigating vulnerabilities
  • Increasing awareness of medical device vulnerabilities among federal policymakers
  • Determining best practices to engage members in advocacy for cyber protection of medical devices
  • Examining the issues that are preventing the sharing of cybersecurity and medical device vulnerability information and helping to support information sharing through existing or modified information sharing efforts.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.